SAP Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in SAP products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-42880
SAP Solution Manager versions: ST 720
CVE-2025-42928
SAP jConnect – SDK for ASE versions: Sybase_software_developer_kit 16.0.4, 16.1
CVE-2025-42878
SAP Web Dispatcher and Internet Communication Manager (ICM) versions: KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16
CVE-2025-42874
SAP NetWeaver (remote service for Xcelsius) versions: BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50, BIWEBAPP 7.50
CVE-2025-48976
SAP Business Objects versions: Enterprise 430, 2025, 2027
CVE-2025-42877
SAP Web Dispatcher, Internet Communication Manager and SAP Content Server versions: Krnl64uc 7.53, webdisp 7.53, 7.54, xs_advanced_runtime 1.00, sap_extended_app_services 1, conserv 7.53, 7.54, kernel 7.53, 7.54
CVE-2025-42876
SAP S/4 HANA Private Cloud (Financials General Ledger) versions: S4core 104, 105, 106, 107, 108, 109
Resolved Vulnerabilities
Code Injection Vulnerability in SAP Solution Manager (CVE-2025-42880)
Deserialization vulnerability in SAP jConnect – SDK for ASE (CVE-2025-42928)
Sensitive information disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager (CVE-2025-42878)
Denial of Service Vulnerability in SAP NetWeaver (CVE-2025-42874)
Denial of Service Vulnerability in SAP Business Objects (CVE-2025-48976)
Memory corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager, and SAP Content Server (CVE-2025-42877)
Missing Authorization Check Vulnerability in SAP S/4 HANA Private Cloud (CVE-2025-42876)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-42880, CVE-2025-42928, CVE-2025-42878, CVE-2025-42874, CVE-2025-48976, CVE-2025-42877, CVE-2025-42876
Separate security patches are available [2][3][4][5][6][7][8].
References
[1] SAP Security Patch Day – December 2025
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html
[2] CVE-2025-42880
https://me.sap.com/notes/3685270
[3] CVE-2025-42928
https://me.sap.com/notes/3685286
[4] CVE-2025-42878
https://me.sap.com/notes/3684682
[5] CVE-2025-42874
https://me.sap.com/notes/3640185
[6] CVE-2025-48976
https://me.sap.com/notes/3650226
[7] CVE-2025-42877
https://me.sap.com/notes/3677544
[8] CVE-2025-42876
https://me.sap.com/notes/3672151